WO2014015759A1 - Method, system and terminal for terminal identity verification and service authentication - Google Patents

Method, system and terminal for terminal identity verification and service authentication

Publication number
WO2014015759A1
Authority
WO
WIPO (PCT)
Prior art keywords
terminal
user
service provider
code
unique code
Prior art date
Application number
PCT/CN2013/079552
Other languages
English (en)
Chinese (zh)
Inventor
蒋晓
Original Assignee
中兴通讯股份有限公司
Priority date
Filing date
Publication date
Application filed by 中兴通讯股份有限公司
Priority to CA2879910A (CA2879910C)
Priority to EP13823645.0A (EP2879421B1)
Priority to US14/417,024 (US9445269B2)
Publication of WO2014015759A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L63/0853 Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/069 Authentication using certificates or pre-shared keys

Definitions

  • The present invention relates to information security technologies in mobile communication systems, and in particular to a method, system and terminal for terminal identity authentication and service authentication.
  • Background technique
  • The traditional mobile communication terminal security strategy mainly focuses on the single-host domain, that is, a single-user, single-host security policy in which the user performs security management on the terminal device that he or she holds.
  • The above security policies mainly cover local security management, including: legality of the terminal device user, for example, the user sets a power-on password for the terminal so that an illegal user cannot turn it on; function usage rights management, for example, restricting browsing of information stored in the terminal device; and encryption of private information, for example, encrypting documents.
  • These security policies do not involve the wireless delivery of user information, user identification, and service provider authentication of services submitted by users.
  • The main purpose of the embodiments of the present invention is to provide a method, a system, and a terminal for terminal identity authentication and service authentication, so as to ensure the security of the personal privacy information of the terminal user and prevent malicious interception during wireless transmission.
  • A method for terminal identity authentication and service authentication, comprising:
  • a user unique code is generated according to the user-specific information in the SIM card, and the name of the user-specific information is encrypted and sent to the trusted cloud control center together with the user unique code;
  • the service provider generates a unique code according to its specific information, and sends the encrypted name of the specific information to the trusted cloud control center together with the generated unique code;
  • the trusted cloud control center authenticates the terminal and the service provider according to the unique codes and, when it determines that both authentications pass, sends a communication code to the terminal and the service provider, and the two communicate according to the communication code to complete the current service.
  • The generating process of the user unique code is: the terminal applies a hash algorithm to the user-specific information in the SIM card to generate the user unique code; the user-specific information in the SIM card is a subset of the collection of user-specific information stored in the SIM card.
  • Encrypting the name of the user-specific information is: encrypting the name of the user-specific information by using a personal identification code (PIN).
  • The trusted cloud control center authenticating the terminal and the service provider according to the unique code is:
  • the trusted cloud control center decrypts the name of the user-specific information sent by the terminal, finds the corresponding user-specific information in its own storage server according to the decrypted name, and generates a corresponding character string by using a hash algorithm; it compares the calculated string with the user unique code sent by the terminal, and if they are the same, the terminal is authenticated; otherwise, the authentication fails;
  • the trusted cloud control center generates a corresponding character string by using a hash algorithm according to the decrypted name of the specific information of the service provider, and compares the string with the unique code sent by the service provider; if they are the same, the authentication passes; otherwise, the authentication fails.
  • The communication code comprises: a one-time key and a digital certificate.
  • The method further includes: after the service is completed, the terminal notifies the service provider and the trusted cloud control center to delete the communication code and the unique code, that is, it notifies the service provider to delete the communication code and its own unique code, and notifies the trusted cloud control center to delete the communication code and the unique codes of the terminal and the service provider.
  • A system for terminal identity authentication and service authentication, comprising: a terminal, a service provider, and a trusted cloud control center; wherein
  • the terminal is configured to, after initiating a service request, generate a user unique code according to user-specific information in the SIM card, encrypt the name of the user-specific information, and send it to the trusted cloud control center together with the user unique code;
  • the service provider is configured to generate a unique code according to its specific information, and send the encrypted name of the specific information to the trusted cloud control center together with the generated unique code;
  • the trusted cloud control center is configured to authenticate the terminal and the service provider according to the unique codes and, when it determines that both authentications pass, send a communication code to the terminal and the service provider, and the two communicate according to the communication code to complete the service.
  • The terminal is further configured to notify the service provider and the trusted cloud control center to delete the communication code and the unique code after the service is completed, that is, to notify the service provider to delete the communication code and its own unique code, and to notify the trusted cloud control center to delete the communication code and the unique codes of the terminal and the service provider; correspondingly,
  • the service provider is further configured to delete the communication code and its own unique code after receiving the notification from the terminal;
  • the trusted cloud control center is further configured to, after receiving the notification from the terminal, delete the communication code and the unique codes of the terminal and the service provider.
  • A terminal, configured to generate a user unique code according to user-specific information in the SIM card after a service request is initiated, encrypt the name of the user-specific information, and send it together with the user unique code.
  • The terminal is further configured to notify the service provider and the trusted cloud control center to delete the communication code and the unique code after the service is completed, that is, to notify the service provider to delete the communication code and its own unique code, and to notify the trusted cloud control center to delete the communication code and the unique codes of the terminal and the service provider.
  • In the method, system and terminal for terminal identity authentication and service authentication provided by the embodiments of the present invention, after the terminal initiates a service request, a user unique code is generated according to the user-specific information in the SIM card, and the name of the user-specific information is encrypted and sent to the trusted cloud control center together with the user unique code; the service provider generates a unique code according to its specific information, and sends the encrypted name of the specific information together with the generated unique code to the trusted cloud control center; the trusted cloud control center authenticates the terminal and the service provider according to the unique codes and, when it determines that both authentications pass, sends a communication code to the terminal and the service provider, and the two communicate according to the communication code to complete the current service.
  • The user unique code is generated from the information carried by the existing SIM card, without adding to the user's existing terminal resources, and the unique code is calculated with a hash algorithm; because the algorithm is irreversible, even if a malicious user intercepts the unique code, he cannot obtain any valuable information from it, which ensures that the user information is safe and that the user is not impersonated.
  • The communication code encrypts the communication data of both the terminal and the service provider, which also ensures the security of the terminal user and service provider information.
  • The method of obtaining a word certificate, completing a digital signature, and the like requires a specific hardware device to support.
  • The embodiment of the present invention relies on the user terminal, the service provider, and the trusted cloud control center communicating with each other, and does not require the user to purchase additional new hardware devices; therefore, the implementation method of the embodiment of the invention can reduce the consumption cost of the user.
  • After the service is completed, the terminal notifies the service provider and the trusted cloud control center to delete the communication code and the unique code, which further ensures the security of the terminal and the service provider information.
  • FIG. 1 is a schematic flowchart of a method for implementing terminal authentication and service authentication according to an embodiment of the present invention;
  • FIG. 2 is a schematic structural diagram of a system for terminal identity verification and service authentication according to an embodiment of the present invention;
  • FIG. 3 is a schematic structural diagram of an embodiment of a service provider according to an embodiment of the present invention;
  • FIG. 4 is a schematic structural diagram of an embodiment of a trusted cloud control center according to an embodiment of the present invention.
  • Detailed description
  • The user unique code is generated according to the user-specific information in the SIM card, and the name of the user-specific information is encrypted and sent to the trusted cloud control center together with the user unique code; the service provider generates a unique code according to its specific information, and sends the encrypted name of the specific information to the trusted cloud control center together with the generated unique code; the trusted cloud control center authenticates the terminal and the service provider according to the unique codes and, when it determines that both authentications pass, sends a communication code to the terminal and the service provider, and the two communicate according to the communication code to complete the service.
  • The terminal notifies the service provider and the trusted cloud control center to delete the communication code and the unique code.
  • The name of the user-specific information is encrypted by using a Personal Identification Number (PIN);
  • the communication code includes: a one-time key and a digital certificate.
  • FIG. 1 is a schematic flowchart of a method for implementing terminal identity verification and service authentication according to an embodiment of the present invention. As shown in FIG. 1, the implementation steps of the process are as follows:
  • Step 101: After the terminal initiates the service request, the user unique code is generated according to the user-specific information in the SIM card, and the name of the user-specific information is encrypted and then sent to the trusted cloud control center together with the user unique code;
  • The terminal initiates a service request to the service provider and, according to user-specific information in the SIM card, such as the PIN, the International Mobile Subscriber Identity (IMSI), the authentication key (KI), and the mobile subscriber temporary identifier (TMSI), uses the hash algorithm to generate the user unique code.
  • The user-specific information is a subset of the various user-specific information sets stored in the SIM card, that is, it includes a part of the information stored in the SIM card, and the terminal user can select, through the application provided by the service provider, the type and number of items of information in the subset, for example:
  • This function algorithm may use a hash algorithm, but is not limited to this algorithm.
  • The hash algorithm is preferred because the algorithm is irreversible, and even if a malicious user intercepts the unique code, he cannot obtain any valuable information from it, which ensures that the user information is safe and that the user is not impersonated.
  • The hash algorithm is unique. As long as the number of elements, or the elements themselves, in the subset change, the user gets a different unique code. This ensures that a malicious person cannot falsify the user unique code by tampering with the user-specific subset of information and using the same hash algorithm.
  • The novel unique code based on the user-specific information in the SIM card of the embodiment of the present invention serves as important information in the security policy process, and ensures that the user identity is not impersonated and that the user information is not tampered with.
  • The user can regenerate a unique code, that is: each time, the user selects a different combination from the user-specific information selection interface described above to generate a new subset of the user-specific information, and this subset is then used as the input of the hash algorithm to obtain a one-time user unique code.
  • This user unique code is random.
  • Generation of the user unique code is independent of the terminal device, so the same SIM card can be used to complete services on different terminal devices.
  • The name of the user-specific information is encrypted by using the PIN, and sent to the trusted cloud control center together with the user unique code.
  • The name of the user-specific information corresponds to the user-specific information selected when the user unique code is generated, that is, if the user-specific information subset includes three items of user-specific information, the number of names of user-specific information to be encrypted here is also three.
  • The user-specific information is a specific value, for example, the IMSI value is a 15-digit decimal number, whereas the name of the user-specific information is IMSI itself.
  • The name of the user-specific information is sent to the trusted cloud control center for use in subsequent authentication by the trusted cloud control center;
  • the encryption algorithm for the name of the user-specific information is an existing encryption algorithm that the terminal and the trusted cloud control center have negotiated.
  • Step 102: The service provider generates a unique code according to its own specific information, and sends the encrypted name of the specific information to the trusted cloud control center together with the generated unique code;
  • The service provider generates its own unique code according to specific information that has been registered in the trusted cloud control center, such as an ID and a QR code. The generation process is the same as the process of generating the user unique code and also uses a hash algorithm, so it is not detailed here. Similarly, the service provider needs to encrypt the name of its specific information and send it to the trusted cloud control center along with the generated unique code.
  • Step 103: The trusted cloud control center authenticates the terminal and the service provider according to the unique codes and, when it determines that both authentications pass, sends a communication code to the terminal and the service provider, and the two communicate according to the communication code to complete this service;
  • The trusted cloud control center decrypts the name of the user-specific information sent by the terminal, finds the corresponding user-specific information in the storage server according to the decrypted name, and uses the same hash algorithm to generate a corresponding character string. The calculated character string is compared with the user unique code sent by the terminal. If they are the same, the terminal authentication passes; otherwise, the authentication fails.
  • The authentication process for the service provider is the same as the terminal authentication process, that is: according to the decrypted name of the specific information, a hash algorithm is used to generate a corresponding string, and the string is compared with the unique code sent by the service provider; if they are the same, the authentication passes; otherwise, the authentication fails.
  • When the trusted cloud control center determines that the authentication of both the terminal and the service provider has passed, the communication code of the service is sent separately to the terminal and the service provider, and the terminal and the service provider communicate with each other according to the communication code to complete this service.
  • The communication code includes, but is not limited to, a one-time key and a digital certificate.
  • Information sent by the terminal and the service provider to each other needs to be encrypted by using the one-time key in the communication code.
  • The one-time key in the communication code may also be one-time, which can ensure the security of the user information and prevent the user information from being maliciously falsified.
  • The end user can also ensure that the service provider's service is authenticated, as described in the following embodiments.
  • The embodiment of the present invention further includes Step 104: after the service is completed, the terminal notifies the service provider and the trusted cloud control center to delete the communication code and the unique code;
  • The service provider and the trusted cloud control center may be notified to delete the communication code and the unique code of the service, that is, the service provider deletes the communication code of the service and its own unique code, and the trusted cloud control center deletes the communication code of the current service and the unique codes of both the terminal and the service provider. This step further ensures the security and privacy of user information.
  • Step 1: The user terminal enters the application interface provided by the bank to initiate a service process, selects a plurality of items of user-specific information stored in the SIM card in the bank selection interface, and calculates a user unique code through a hash algorithm; it encrypts the name of the user-specific information with the PIN, sends the two together to the trusted cloud control center, and sends the service request information to the bank.
  • Step 2: After receiving the service request information sent by the terminal, the bank uses the same hash algorithm as in Step 1 to obtain the unique code of the bank based on the specific information registered in the trusted cloud control center, encrypts the name of the specific information, and sends the unique code and the encrypted name of the specific information to the trusted cloud control center.
  • Step 3: The trusted cloud control center decrypts the name of the user-specific information and the name of the bank-specific information, finds the specific information in its own storage server, and obtains the character strings of the corresponding terminal and bank by using the same hash algorithm. If the strings are the same as the unique codes of the terminal and the bank, it determines that the two are legal, and sends the one-time key and the digital certificate for encrypting the service information to the terminal and the bank respectively.
  • Step 4: After the terminal receives the pass code, the user performs a digital signature, and the terminal sends the digital signature of the user to the bank;
  • the terminal also sends the digital signature to the trusted cloud control center for storage, thereby ensuring the non-repudiation of the entire service process and safeguarding the tangible interests of the user and the bank.
  • Step 5: After receiving the digital signature of the user, the bank completes the identity verification/service authentication of the user; the bank encrypts the service-specific information and the identity identification information by using the one-time key issued by the trusted cloud control center, and sends them to the user terminal. This set of encrypted information may be referred to as a function code.
  • Step 6: After receiving the function code, the user terminal decrypts it and can verify the identity of the bank according to the decrypted bank identification information; it then completes the remaining service information, encrypts it, and sends it to the bank.
  • Step 7: The bank completes the verification of the detailed service information and completes the current service.
  • The bank opens the corresponding authority of the user, and sends encrypted inquiry information to the user terminal, asking whether the user needs additional service items within the authority.
  • Step 8: If the user still needs other services, Steps 6 to 7 are repeated. If the user agrees that the entire service is complete, the terminal sends an encrypted completion code to the bank and the trusted cloud control center to notify them to delete the key and the unique codes of the service.
  • Step 9: The bank receives the notification confirming the completion of the service, and discards the one-time key and its own unique code.
  • Step 10: After receiving the notification, the trusted cloud control center discards the one-time key of the service and the unique codes of the terminal and the bank.
  • the embodiment of the present invention further provides a system for terminal identity verification and service authentication.
  • the system includes: a terminal 21, a service provider 22, and a trusted cloud control center 23; wherein the terminal 21 After the service request is initiated, the user unique code is generated according to the user-specific information in the SIM card, and the name of the user-specific information is encrypted, and sent to the trusted cloud control center together with the unique code of the user;
  • the service provider 22 is configured to generate a unique code according to its specific information, and send the encrypted name of the specific information to the trusted cloud control center together with the generated unique code; the trusted cloud control center 23 And configured to authenticate the terminal and the service provider according to the unique code, and determine that both authentications are passed, and the communication code is sent to the terminal and the service provider, and the two communicate according to the communication code to complete the service.
  • the terminal 21 is further configured to notify the service provider and the trusted cloud control center to delete the communication code and the unique code after the service is completed, that is, notify the service provider to delete the communication code and its own unique code, and notify the trusted cloud.
  • the control center deletes the communication code, and the unique code of the terminal and the service provider; correspondingly,
  • the service provider 22 is further configured to: after receiving the notification of the terminal, delete the communication code and its own unique code; the trusted cloud control center 23 is further configured to: after receiving the notification from the terminal, delete the communication code, and The unique code of the terminal and service provider.
  • the embodiment of the present invention further provides a terminal, where the terminal is configured to generate a user unique code according to user specific information in the SIM card after initiating a service request, and encrypt the name of the user specific information, and The user unique code is sent to the trusted cloud control center together.
  • the terminal is further configured to notify the service provider and the trusted cloud control center to delete the communication code and the unique code after the service is completed, that is, notify the service provider to delete the communication code and its own unique code, and notify the trusted cloud control.
  • the center deletes the communication code, as well as the unique code of the terminal and service provider.
  • FIG. 3 is a schematic structural diagram of an embodiment of a service provider according to an embodiment of the present invention, including: a communication module 31, a storage server 32, an encryption/decryption operation module 33, and a control center 34.
  • the communication module 31 is configured to communicate with the terminal and the trusted cloud control center, and transmit data between the local data and the terminal and the trusted cloud control center;
  • the storage server 32 is configured to store its own specific information, a communication code, and its own unique code;
  • the encryption/decryption operation module 33 is configured to encrypt a name of the specific information of the self; the control center 34 is configured to generate a unique code according to the specific information of the self, and the name of the encrypted specific information is The communication module is sent to the trusted cloud control center together;
  • the control center 34 is further configured to delete the communication code stored in the storage server and its own unique code after receiving the notification from the terminal.
  • FIG. 4 is a schematic structural diagram of an embodiment of a trusted cloud control center according to an embodiment of the present invention, including: a communication module 41, a storage server 42, an encryption/decryption operation module 43, a certificate generation server 44, a key generation server 45, and a control center. 46.
  • the communication module 41 is configured to communicate with the terminal and the service provider, and transmit data between the local data and the terminal and the service provider;
  • the storage server 42 is configured to store a unique code sent by the terminal and the service provider, a name of the encrypted specific information of the service provider, and a name of the encrypted user-specific information of the terminal; storing the registered end user specific Information and service provider specific information; a communication code generated by the certificate generation server and the key generation server;
  • the encryption/decryption operation module 43 is configured to decrypt the name of the service provider's encrypted specific information and the name of the encrypted user-specific information of the terminal;
  • the certificate generation server 44 is configured to generate a digital certificate in the communication code;
  • the key generation server 45 is configured to generate a one-time key in the communication code;
  • the control center 46 is configured to authenticate the terminal and the service provider and, on determining that both authentications are passed, to send the communication code to the terminal and the service provider via the communication module; the control center 46 is further configured to delete the storage server after receiving the notification from the terminal.
  • the terminal includes, but is not limited to, a Portable Application Description (PAD), a smart phone and an Ultrabook; the method can also be applied to terminal products that can support 3G network services, such as a general mobile phone or a data card.
  • the specific implementation steps of the method of the present invention include, but are not limited to, the above process, and may define new process steps or streamline process steps for services of different security levels and application scopes, and achieve flexible use.
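The following sketch models the trusted cloud control center described above: it stores registered specific information, checks the unique code from each side, releases a communication code only when both checks pass, and clears state on the terminal's notification. It is an added example, not code from the patent. Assumptions: SHA-256 stands in for the unspecified unique-code derivation, the information name is treated as already decrypted, the certificate is an opaque placeholder, and the party and field names are hypothetical.

```python
import hashlib
import hmac
import secrets

def unique_code(specific_info: str) -> str:
    # Assumption: the page does not say how the code is derived; SHA-256 stands in.
    return hashlib.sha256(specific_info.encode()).hexdigest()

class TrustedCloudControlCenter:
    def __init__(self):
        self.registered = {}  # storage server 42: party -> {info name: info value}
        self.submitted = {}   # party -> (info name, unique code) for this request
        self.issued = {}      # (terminal, provider) -> communication code

    def register(self, party, specific_info):
        self.registered[party] = dict(specific_info)

    def submit(self, party, info_name, code):
        # info_name is taken as already decrypted by module 43 (encryption elided).
        self.submitted[party] = (info_name, code)

    def _passes(self, party):
        info_name, code = self.submitted.get(party, (None, ""))
        value = self.registered.get(party, {}).get(info_name)
        if value is None:
            return False  # unknown party or unregistered information name
        # Constant-time comparison of the recomputed and the received code.
        return hmac.compare_digest(unique_code(value).encode(), code.encode())

    def issue(self, terminal, provider):
        # The communication code is released only when BOTH sides authenticate.
        if not (self._passes(terminal) and self._passes(provider)):
            return None
        comm = {"certificate": "PLACEHOLDER-CERT",      # server 44, opaque here
                "one_time_key": secrets.token_hex(16)}  # server 45
        self.issued[(terminal, provider)] = comm
        return comm

    def service_finished(self, terminal, provider):
        # Assumption: cleanup mirrors what the page states for the provider side.
        self.issued.pop((terminal, provider), None)
        self.submitted.pop(terminal, None)
        self.submitted.pop(provider, None)

def run_round(center, terminal_code, provider_code):
    center.submit("terminal-1", "imsi", terminal_code)
    center.submit("provider-1", "license", provider_code)
    return center.issue("terminal-1", "provider-1")

center = TrustedCloudControlCenter()
center.register("terminal-1", {"imsi": "CONSTRUCTED-IMSI-0001"})      # constructed
center.register("provider-1", {"license": "CONSTRUCTED-LICENSE-42"})  # constructed
```

Because the one-time key is generated per request and the submitted codes are cleared after the service ends, a captured unique code cannot be reused against the center without a fresh submission from both parties.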

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Storage Device Security (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention relates to a method for terminal identity verification and service authentication, comprising the following steps: after initiating a service request, a terminal generates a unique user code according to the user-specific information on a SIM card, encrypts the name of the user-specific information, and sends the user-specific information together with the unique user code to a trusted cloud control center; a service provider generates a unique code according to its own specific information and sends the name of its encrypted specific information together with the generated unique code to the trusted cloud control center; the trusted cloud control center authenticates the terminal and the service provider according to the unique code and sends a communication code to the terminal and the service provider when both the terminal and the service provider are successfully authenticated; and the terminal and the service provider communicate according to the communication code to complete the service in question. The invention also relates to a system and a terminal. The method, the system and the terminal ensure the security of a terminal user's private personal information, thereby preventing the information from being maliciously intercepted during wireless transmission.
PCT/CN2013/079552 2012-07-24 2013-07-17 Terminal identity verification and service authentication method, system and terminal WO2014015759A1 (fr)

Priority Applications (3)

Application Number Priority Date Filing Date Title
CA2879910A CA2879910C (fr) 2012-07-24 2013-07-17 Terminal identity verification and service authentication method, system and terminal
EP13823645.0A EP2879421B1 (fr) 2012-07-24 2013-07-17 Terminal identity verification and service authentication method, system and terminal
US14/417,024 US9445269B2 (en) 2012-07-24 2013-07-17 Terminal identity verification and service authentication method, system and terminal

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201210257464.1A CN102761870B (zh) 2012-07-24 2012-07-24 Method, system and terminal for terminal identity verification and service authentication
CN201210257464.1 2012-07-24

Publications (1)

Publication Number Publication Date
WO2014015759A1 true WO2014015759A1 (fr) 2014-01-30

Family

ID=47056158

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2013/079552 WO2014015759A1 (fr) 2012-07-24 2013-07-17 Terminal identity verification and service authentication method, system and terminal

Country Status (5)

Country Link
US (1) US9445269B2 (fr)
EP (1) EP2879421B1 (fr)
CN (1) CN102761870B (fr)
CA (1) CA2879910C (fr)
WO (1) WO2014015759A1 (fr)

Families Citing this family (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2499787B (en) 2012-02-23 2015-05-20 Liberty Vaults Ltd Mobile phone
CN102761870B (zh) 2012-07-24 2015-06-03 中兴通讯股份有限公司 Method, system and terminal for terminal identity verification and service authentication
KR102133450B1 (ko) * 2013-05-30 2020-07-13 삼성전자 주식회사 Method and apparatus for setting a profile
GB2517732A (en) * 2013-08-29 2015-03-04 Sim & Pin Ltd System for accessing data from multiple devices
CN105592456B (zh) * 2014-10-20 2018-10-30 中国电信股份有限公司 Method and system for two-dimensional code authentication
CN106101068B (zh) * 2016-05-27 2019-06-11 宇龙计算机通信科技(深圳)有限公司 Terminal communication method and system
KR101809974B1 (ko) * 2017-05-22 2017-12-19 주식회사 에프엔에스벨류 Security authentication system and security authentication method for generating a security key by combining authentication factors of multiple users
CN107222556A (zh) * 2017-06-28 2017-09-29 中天海洋系统有限公司 Secure and trusted networking system for deep-sea observation
CN108932619B (zh) * 2018-06-07 2022-03-22 贵州玛迩比特通信科技有限公司 Charging service method and system for an offline terminal
WO2020162739A1 (fr) * 2019-02-08 2020-08-13 주식회사 센스톤 Method, program and apparatus for identifying a device using a virtual code based on a unique value of a chip
EP3917103A1 (fr) * 2020-05-29 2021-12-01 Siemens Aktiengesellschaft Method, system, transmitter and receiver for authenticating a transmitter
US20220217136A1 (en) * 2021-01-04 2022-07-07 Bank Of America Corporation Identity verification through multisystem cooperation

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
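CN1764296A (zh) * 2004-10-22 2006-04-26 北京握奇数据系统有限公司 Dynamic password authentication system and method
CN102761870A (zh) * 2012-07-24 2012-10-31 中兴通讯股份有限公司 Method, system and terminal for terminal identity verification and service authentication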

Family Cites Families (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1691578A (zh) * 2004-04-29 2005-11-02 华为技术有限公司 Method for a device to verify its own legitimacy
US20060059344A1 (en) * 2004-09-10 2006-03-16 Nokia Corporation Service authentication
NO20050152D0 (no) * 2005-01-11 2005-01-11 Dnb Nor Bank Asa Method for generating a security code and programmable device therefor
US20070186115A1 (en) 2005-10-20 2007-08-09 Beijing Watch Data System Co., Ltd. Dynamic Password Authentication System and Method thereof
EP1865656A1 (fr) * 2006-06-08 2007-12-12 BRITISH TELECOMMUNICATIONS public limited company Establishing secure communication using third-party authentication
US8640203B2 (en) * 2007-06-04 2014-01-28 Rajesh G. Shakkarwar Methods and systems for the authentication of a user
CN101588579B (zh) * 2008-05-20 2011-09-14 华为技术有限公司 System and method for authenticating user equipment, and base station subsystem thereof
US8590037B2 (en) * 2008-12-23 2013-11-19 Sandisk Technologies Inc. Managing host application privileges
US9166975B2 (en) * 2012-02-16 2015-10-20 Inbay Technologies Inc. System and method for secure remote access to a service on a server computer
US8590022B2 (en) * 2009-02-26 2013-11-19 Blackberry Limited Authentication using a wireless mobile communication device
US8584221B2 (en) * 2009-10-23 2013-11-12 Microsoft Corporation Authenticating using cloud authentication
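CN102316080B (zh) * 2010-06-30 2016-06-01 百度在线网络技术(北京)有限公司 Supporting the anonymous verification function of a central authentication service under the same primary domain
CN102571702B (zh) * 2010-12-22 2014-11-05 中兴通讯股份有限公司 Key generation method, system and device in the Internet of Things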
US8667569B2 (en) * 2011-09-29 2014-03-04 Target Brands, Inc. Credentials management
US20130208893A1 (en) * 2012-02-13 2013-08-15 Eugene Shablygin Sharing secure data
US20130226812A1 (en) * 2012-02-24 2013-08-29 Mads Landrok Cloud proxy secured mobile payments
US9038137B2 (en) * 2012-06-28 2015-05-19 Cellco Partnership Subscriber authentication using a user device-generated security code

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
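CN1764296A (zh) * 2004-10-22 2006-04-26 北京握奇数据系统有限公司 Dynamic password authentication system and method
CN102761870A (zh) * 2012-07-24 2012-10-31 中兴通讯股份有限公司 Method, system and terminal for terminal identity verification and service authentication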

Also Published As

Publication number Publication date
US20150208238A1 (en) 2015-07-23
CA2879910A1 (fr) 2014-01-30
CA2879910C (fr) 2018-02-13
CN102761870B (zh) 2015-06-03
EP2879421B1 (fr) 2019-09-11
CN102761870A (zh) 2012-10-31
US9445269B2 (en) 2016-09-13
EP2879421A1 (fr) 2015-06-03
EP2879421A4 (fr) 2015-10-21

Similar Documents

Publication Publication Date Title
WO2014015759A1 (fr) Terminal identity verification and service authentication method, system and terminal
KR102134302B1 (ko) Wireless network access method and apparatus, and storage medium
US8327143B2 (en) Techniques to provide access point authentication for wireless network
US9094823B2 (en) Data processing for securing local resources in a mobile device
US11336641B2 (en) Security enhanced technique of authentication protocol based on trusted execution environment
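CN109729523B (zh) Method and apparatus for terminal networking authentication
CN101621794A (zh) Method for implementing security authentication in a wireless application service system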
US8397281B2 (en) Service assisted secret provisioning
WO2014180198A1 (fr) Terminal access method, system, device and computer storage medium
WO2022111187A1 (fr) Terminal authentication method and apparatus, computer device and storage medium
US10091189B2 (en) Secured data channel authentication implying a shared secret
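KR101281099B1 (ko) Authentication method for preventing damage from loss and theft of a smartphone
CN105141629A (zh) Method for improving public Wi-Fi network security based on WPA/WPA2 PSK multiple passwords
KR101745482B1 (ko) Communication method in a smart home system and apparatus therefor
CN109522689B (zh) Multi-factor strong identity authentication method in a mobile office environment
KR102355708B1 (ko) Request processing method based on user authentication using a blockchain key, and system to which the method is applied
JP2017139026A (ja) Method and apparatus for trusted authentication and logon
JP2015111440A (ja) Method and apparatus for trusted authentication and logon
KR20130046781A (ko) Wireless network access authentication method and system therefor
KR101431010B1 (ko) Access point authentication apparatus and method using a hardware authentication module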
Guo et al. 2FA Communication Protocol to Secure Metro Control Devices
JP2017108239A (ja) Communication system, terminal device, communication device, communication method, and program
CN115988496A (zh) Access authentication method and apparatus
Hsieh et al. An Improved Mutual Authentication Mechanism for Securing Smart Phones
Nagesha et al. A Survey on Wireless Security Standards and Future Scope.

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 13823645

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 2879910

Country of ref document: CA

WWE Wipo information: entry into national phase

Ref document number: 14417024

Country of ref document: US

NENP Non-entry into the national phase

Ref country code: DE

WWE Wipo information: entry into national phase

Ref document number: 2013823645

Country of ref document: EP